On Thu, 7 Jan 2021 at 15:34, Alexandru Gagniuc <mr.nuke...@gmail.com> wrote: > > mkimage supports rsa2048, and rsa4096 signatures. With newer silicon > now supporting hardware-accelerated ECDSA, it makes sense to expand > signing support to elliptic curves. > > Implement host-side ECDSA signing and verification with libcrypto. > Device-side implementation of signature verification is beyond the > scope of this patch. > > Signed-off-by: Alexandru Gagniuc <mr.nuke...@gmail.com> > --- > common/image-sig.c | 11 +- > include/image.h | 3 + > include/u-boot/ecdsa.h | 94 +++++++++++ > lib/ecdsa/ecdsa-libcrypto.c | 306 ++++++++++++++++++++++++++++++++++++ > tools/Makefile | 3 + > 5 files changed, 415 insertions(+), 2 deletions(-) > create mode 100644 include/u-boot/ecdsa.h > create mode 100644 lib/ecdsa/ecdsa-libcrypto.c
Reviewed-by: Simon Glass <s...@chromium.org> But you should check the return value of do_sign(). Why do you call ecdsa_check_signature() afterwards? Can you not trust the library? Regards, Simon
